keychain_test.go

Documentation: github.com/google/go-containerregistry/pkg/authn/github

     1  // Copyright 2022 Google LLC All Rights Reserved.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //    http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package github
    16  
    17  import (
    18  	"os"
    19  	"testing"
    20  
    21  	"github.com/google/go-containerregistry/pkg/authn"
    22  )
    23  
    24  // TestKeychain checks that the keychain resolves when $GITHUB_TOKEN is set and
    25  // the request is for GHCR.
    26  func TestKeychain(t *testing.T) {
    27  	username, tok := "octocat", "my-token"
    28  	os.Setenv("GITHUB_ACTOR", username)
    29  	os.Setenv("GITHUB_TOKEN", tok)
    30  	got, err := Keychain.Resolve(resource("ghcr.io/my/repo"))
    31  	if err != nil {
    32  		t.Fatalf("Resolve: %v", err)
    33  	}
    34  	if got == authn.Anonymous {
    35  		t.Fatalf("Got anonymous, wanted authenticator")
    36  	}
    37  
    38  	auth, err := got.Authorization()
    39  	if err != nil {
    40  		t.Fatalf("Authorization: %v", err)
    41  	}
    42  	if auth.Username != username {
    43  		t.Errorf("Got username %q, want %q", auth.Username, username)
    44  	}
    45  	if auth.Password != tok {
    46  		t.Errorf("Got password %q, want %q", auth.Password, tok)
    47  	}
    48  }
    49  
    50  // TestKeychainUsernameUnset checks that the keychain resolves an "unset"
    51  // username when $GITHUB_ACTOR is not set.
    52  func TestKeychainUsernameUnset(t *testing.T) {
    53  	tok := "my-token"
    54  	os.Unsetenv("GITHUB_ACTOR")
    55  	os.Setenv("GITHUB_TOKEN", tok)
    56  	got, err := Keychain.Resolve(resource("ghcr.io/my/repo"))
    57  	if err != nil {
    58  		t.Fatalf("Resolve: %v", err)
    59  	}
    60  	if got == authn.Anonymous {
    61  		t.Fatalf("Got anonymous, wanted authenticator")
    62  	}
    63  
    64  	auth, err := got.Authorization()
    65  	if err != nil {
    66  		t.Fatalf("Authorization: %v", err)
    67  	}
    68  	if auth.Username != "unset" {
    69  		t.Errorf("Got username %q, want unset", auth.Username)
    70  	}
    71  	if auth.Password != tok {
    72  		t.Errorf("Got password %q, want %q", auth.Password, tok)
    73  	}
    74  }
    75  
    76  // TestKeychainUnset checks that the keychain doesn't resolve when the
    77  // environment variable is unset.
    78  func TestKeychainUnset(t *testing.T) {
    79  	os.Unsetenv("GITHUB_TOKEN")
    80  
    81  	got, err := Keychain.Resolve(resource("ghcr.io/my/repo"))
    82  	if err != nil {
    83  		t.Fatalf("Resolve: %v", err)
    84  	}
    85  	if got != authn.Anonymous {
    86  		t.Errorf("Resolve(ghcr.io) got %v, want Anonymous", got)
    87  	}
    88  }
    89  
    90  // TestNoMatch checks that the keychain doesn't resolve for non-GHCR registries.
    91  func TestNoMatch(t *testing.T) {
    92  	os.Setenv("GITHUB_TOKEN", "my-token")
    93  	for _, s := range []string{
    94  		"gcr.io",
    95  		"example.com",
    96  		"ghcr.io.example.com",
    97  		"invalid-domain-name -- %U)(@*)(%*)@(*#%@",
    98  	} {
    99  		got, err := Keychain.Resolve(resource(s))
   100  		if err != nil {
   101  			t.Fatalf("Resolve: %v", err)
   102  		}
   103  		if got != authn.Anonymous {
   104  			t.Errorf("Resolve(%q) got %v, want Anonymous", s, got)
   105  		}
   106  	}
   107  }
   108  
   109  type resource string
   110  
   111  func (r resource) String() string      { return string(r) }
   112  func (r resource) RegistryStr() string { return string(r) }
   113
View as plain text